Vulnerabilities > Blaauwproducts

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-07	CVE-2019-18872	Weak Password Requirements vulnerability in Blaauwproducts Remote Kiln Control 3.0.0 Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234). network low complexity blaauwproducts CWE-521	5.0
2020-05-07	CVE-2019-18871	Path Traversal vulnerability in Blaauwproducts Remote Kiln Control 3.0.0 A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution. network low complexity blaauwproducts CWE-22	6.5
2020-05-07	CVE-2019-18870	Path Traversal vulnerability in Blaauwproducts Remote Kiln Control 3.0.0 A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine. network low complexity blaauwproducts CWE-22	4.0
2020-05-07	CVE-2019-18869	Unspecified vulnerability in Blaauwproducts Remote Kiln Control 3.0.0 Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17. network low complexity blaauwproducts	7.5
2020-05-07	CVE-2019-18866	SQL Injection vulnerability in Blaauwproducts Remote Kiln Control 3.0.0 Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database. network low complexity blaauwproducts CWE-89	5.0
2020-05-07	CVE-2019-18864	Information Exposure vulnerability in Blaauwproducts Remote Kiln Control 3.0.0 /server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine. network low complexity blaauwproducts CWE-200	5.0
2020-05-07	CVE-2019-18868	Insufficiently Protected Credentials vulnerability in Blaauwproducts Remote Kiln Control 3.0.0 Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak. network low complexity blaauwproducts CWE-522	5.0
2020-05-07	CVE-2019-18867	Information Exposure vulnerability in Blaauwproducts Remote Kiln Control 3.0.0 Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. network low complexity blaauwproducts CWE-200	5.0
2020-05-07	CVE-2019-18865	Information Exposure vulnerability in Blaauwproducts Remote Kiln Control 3.0.0 Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames. network low complexity blaauwproducts CWE-200	5.0

Vulnerabilities > Blaauwproducts {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Blaauwproducts"}]}

Vulnerabilities > Blaauwproducts